Abstract: Axioms and verification rules are given for typeless $\lambda$-calculus
with a conditional test for equality between atoms. A semantic
completeness theorem is proved and a deterministic evaluator is
proposed.


1. Introduction 


The $\lambda$-calculus of Church (treated thoroughly in [BAR80]) is a system for denoting
functions. For example, the identity function is represented in this system as $\lambda x.x$,
and the function which adds 1 to its argument is represented as $\lambda x.x + 1$. A more
complicated example is the “double application” functional, whose arguments are
themselves functions, and which acts by composing a function with itself. This is
represented in the $\lambda$-calculus as $\lambda f.\lambda x.f(fx)$.


For many years a model for the $\lambda$-calculus could not be found, due to set theoretical
difficulties. Finally, Scott was able to construct a structure which was generally agreed
to be a model, using complete lattices [SCOTT76]. Many attempts were then made to
give a clean characterization of what a model of the $\lambda$-calculus was; these are detailed
in [BAR80] and in [MEYER82].


These systems all have the property that any term can be interpreted as a function.
This is necessary, since a model of the untyped $\lambda$-calculus must make sense out of the
application of any term to any other term. In fact any term can also be interpreted
as a functional, that is, a function which maps functions to functions, and so on up
through the type hierarchy. But this is not the behavior we want when we are using
$\lambda$-calculus to compute with integers.


The problem is that there is nothing to distinguish the integers from the other
terms. Suppose we use a $\lambda$-calculus with constants for the integers and successor,
suitably axiomatized. Then in any model, while it is true that the values of integers
will behave correctly with respect to the value of successor, it is also true that the value
of 3 applied to the value of 4 will be some value, and there is nothing in the language
or the model that tells us that this is any different than successor applied to 3. This is
not what we want. We want constants such as 3 to denote atomic values in all models.
These are values that cannot be applied to anything without yielding an error. The
constants that are used to denote atomic values will be called numerals.


One method for computing with atomic values in the $\lambda$-calculus is to add type
information to the terms, to tell what kind of datum each subterm represents. This
is the approach taken in the typed $\lambda$-calculus. In order for one term to be applied to a
second, the type of the first term must be functional, with the argument type matching
the type of the second term. Terms representing atomic values do not have functional
type, and therefore cannot be applied to anything. Typed $\lambda$-calculus is dealt with
thoroughly in an appendix to [BAR80].


In this treatment, we use a different approach to type errors. We will allow
arbitrary applications in the language; however, certain terms will lead to run-time type
errors when evaluated. Our $\lambda$-calculus will be untyped, and we will provide semantics
so that the terms which lead to run-time type errors are precisely those terms which
semantically denote an error value. We are motivated throughout by the language
LISP, which has a $\lambda$-calculus-like syntax, but expresses computation on objects which
do not necessarily denote functions (atoms and lists). See [WAND84] for a discussion
of LISP.


Since we are using untyped $\lambda$-calculus, we will be able to draw on the results of
[MEYER82] to provide a model. A system with error values for run-time type errors
was also considered in [MILNER78], with a complete partial order semantics.


In order to do useful computation with numerals, we will find that a conditional
statement is needed. This will take the form: “if <term1>=<term2> then
<term3> else <term4>.” Without this construct, the expressive power is greatly
reduced. However, there are many choices to be made in the behavior of this construct.
Do we evaluate <term1> and <term2> sequentially, or in parallel? What happens
if the evaluation of <term1> or <term2> leads to a run-time type error? Also,
what notion of equality between terms do we use? The most strict notion is identity.
Another notion is provable equality (under some suitable axioms and proof rules). We
will try to make choices that will result in a recursive evaluator and simple axioms for
the proof system, while still giving us enough expressive power for programming.


The language considered is an untyped $\lambda$-calculus, with a conditional statement
and error terms. The proof system is that of the classical $\lambda$-calculus enriched with
axioms to handle these new constructs, and to handle the properties of numerals.


The class of models for this language is a special case of combinatory models
[MEYER82]. A completeness theorem for the language is derived from the completeness
theorem for the classical $\lambda$-calculus [MEYER82].


2. Syntax 


We will define an untyped $\lambda$-calculus for computing with atoms. Our language
will be an extension of the classical $\lambda$-calculus of Church. Since we have occasion to
refer to the classical $\lambda$-calculus, we define it here.


Definition: Let $Var$ be an infinite set of variables. Let $C$ be a set of constants. We
define the set of terms $\Lambda(C)$ by the following grammar, where $t$ denotes an element of
$\Lambda(C)$, $x$ denotes an element of $Var$, and $c$ denotes an element of $C$:
$t ::= x \mid c \mid t_1 t_2 \mid \lambda x.t$


We omit parentheses in the usual fashion. In particular, $uvw$ abbreviates $(uv)w$, and
$\lambda xy.u$ abbreviates $\lambda x.\lambda y.u$.


We now extend the language to express computations with atoms. An atom is a
semantic object, which cannot be applied to anything else without yielding an error.
An example of an atom might be the number 3 or 17, if we are talking about integers,
or perhaps the list nil if we are talking about lists. In order to represent atoms in our
language we introduce atomic constants. These are a special type of constant whose
meaning can only be an atom.


These are the base syntactic sets:
Let $Var$ be a set of variables. Typical elements are $x, y, z$.
Let $Con$ be a set of constants. Typical elements are $c_1, c_2, \ldots$
Let $ACon$ be another set of constants (the atomic constants). Typical elements
are $a_1, a_2, \ldots$
The three sets $Var$, $Con$, and $ACon$ must be pairwise disjoint.


Out of these basic sets we build the “$\lambda$-terms with atoms,” called AT (for Atomic
Terms).


Definition: Let cond and $*$ be new symbols. Then given $ACon$ and $Con$ we define the
set $AT(ACon, Con)$ as $\Lambda(Con \cup ACon \cup \{\mathrm{cond}, *\})$. When there is no confusion,
we will write simply AT.


We define an equational calculus over AT by specifying axioms and rules of proof. 


Definition: (Substitution) Free and bound variables are defined inductively, in the
usual way. The expression $[v/x]u$, where $u, v \in AT$, $x \in Var$, denotes the result of
substituting $v$ for all free occurrences of $x$ in $u$, with the usual proviso about renaming
bound variables to avoid capture, i.e. before we substitute $v$ for $x$ in $u$, we change all
the bound variables in $u$ to be different from the free variables in $v$ and then we replace
every free occurrence of $x$ with $v$.


Definition: Two terms $u$ and $v$ are $\alpha$-equivalent if $v$ results from $u$ by renaming
the bound variables in some subterm of $u$ (avoiding capture). Following Barendregt
[BAR80], we consider two terms that are $\alpha$-equivalent equal on a syntactic level, that
is, terms are considered modulo $\alpha$-equivalence. For example, $\lambda x.yx$ and $\lambda z.yz$ are the
same term.


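Here are the axiom schemes:


($\beta$)   $(\lambda x.u)v = [v/x]u$
(E)   $uv = *$, for $u \in ACon \cup \{*\}$.
(C1)  $\mathrm{cond}\,a\,a\,v\,w = v$, for $a \in ACon$.
(C2)  $\mathrm{cond}\,a_1 a_2 v\,w = w$, if $a_1, a_2 \in ACon$, $a_1$ and $a_2$ different.
(C3)  $\mathrm{cond}\,u_1 u_2 v\,w = *$, if either $u_1$ or $u_2$ is $*$.
(C4)  $\mathrm{cond}\,u_1 u_2 v\,w = *$, if either $u_1$ or $u_2$ is of the form $\lambda x.u'$.


And here are the rules:


(trans & sym)  $\dfrac{u = v \qquad u = w}{v = w}$

(cong)  $\dfrac{u = u' \qquad v = v'}{(uv) = (u'v')}$

($\xi$)  $\dfrac{u = v}{\lambda x.u = \lambda x.v}$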


This proof system requires a bit of discussion. The rules are just the usual rules
taken from the classical $\lambda$-calculus. Since we are committing to axiom scheme ($\beta$), it
follows that the language has a call-by-name parameter passing mechanism (as does
classical $\lambda$-calculus). This is to be contrasted with the usual LISP evaluator, which
evaluates the arguments to a function first (call-by-value). The two strategies differ on
a term such as $(\lambda xy.x)uv$, where $v$ is a term whose evaluation doesn’t terminate. In the
call-by-value evaluator, the evaluation of the whole term doesn’t terminate, since the
evaluator never gets done evaluating the arguments. But in a call-by-name evaluator,
the term $v$ is never evaluated, and the result of evaluating the term will be the result
of evaluating $u$.


This leaves axiom schemes (E) and (C1) through (C4), which are connected with 
the behavior of type errors, and of cond. So what behavior do we want? This 
depends on our intended use of the language AT. In this treatment, we view AT as a 
programming language for writing programs “about” atoms. That is, when a program 
is given to the evaluator, there are three interesting things that might happen: 

(i) The evaluation of the program might terminate, resulting in a numeral.
(ii) The evaluation of the program might lead to a run-time type error.
(iii) The evaluation of the program might not terminate.


This is not to say that a term such as $\lambda xy.x$ is not interesting, rather, that its
utility lies in its ability to be included in programs that will produce numerals. If
we take this view, then the job of the evaluator is: “given a term, if it is equal to
a numeral, find that numeral.” In particular, if a term is not equal to a numeral,
we don’t care what the evaluator does; however, it would be nice if the evaluator
terminates on as many terms as possible. More on this when we discuss (C4) below.
In the rest of this section, we will have need to discuss the properties of the intended
evaluator. Later we will formally define an evaluator with these properties. (We are
faced here with an expositional difficulty. I am reminded of a remark I heard at a
philosophy seminar about Kant’s Critique of Pure Reason [KANT29], namely, that he
had many interesting things to say, and he said them all first. We might have defined
the evaluator before the proof system, and equality in terms of the evaluator, and then
defined a proof system which captures it. In fact, neither idea, that of the proof system
nor the evaluator, is really prior to the other. We want the axiom schemes to allow for
a reasonable evaluator, i.e. one that is effective, and on the other hand, we want axiom
schemes that make it relatively easy to reason about equality.)


Now to the rest of the axioms.


The purpose of having $*$ in the language is so we can have a notation for run-time
type errors. Our hope is to define an evaluator and a notion of run-time type error,
so that a term not containing $*$ will be provably equal to $*$ if and only if it causes
a run-time type error when evaluated. There are two kinds of type errors that can
occur, and they correspond to those axiom schemes that, viewed as reductions, have
the effect of producing a $*$. These are (E), (C3), and (C4). (We could have introduced
two symbols $*_1$ and $*_2$ in order to distinguish between them, at the cost of complicating
the axioms a little bit.)


First let us see what (E) says. Actually, it is two axiom schemes combined. The
first says that $av = *$ if $a$ is a numeral. This is one way a type error is created.
It corresponds to an attempt by the evaluator to apply a numeral to a term. The
second part, i.e. $*u = *$ for any term $u$, corresponds to “leftmost” evaluation, and is
needed to ensure that type errors propagate correctly. This is best illustrated by the
two following examples.


Consider the term $auv$, where $a$ is a numeral. Recall that this is an abbreviation
for $(au)v$. This is the sort of term that will cause a run-time type error, since the first
operation of the evaluator will be to try to apply $a$ to $u$. Therefore our proof system
should prove this term equal to $*$. By the first part of rule (E), we know that it is equal
to $*v$. We need the second part to show that it is equal to $*$.


Now consider the term $(\lambda xy.x)a(bu)$, where $a$ and $b$ are atoms. This illustrates that
a term might not cause a run-time type error even though it has a subterm which is
equal to $*$. The reason is that our evaluator will use ($\beta$) to turn this into $(\lambda y.a)(bu)$, and
then use ($\beta$) again to turn it into $a$, which is the value of the term. The evaluator never
“sees” that we are applying a numeral to a term, so there is no run-time type error.
Note that in a call-by-value evaluator, since the arguments would have been evaluated
first, the evaluator would indeed have encountered the type error. This illustrates our
choice of the term “run-time type error” since this term would have a static type error
in a language such as typed $\lambda$-calculus.


Now for the axioms about cond. The first two, (C1) and (C2), are relatively
uncontroversial. They correspond to our intuition that $\mathrm{cond}\,u_1 u_2 v_1 v_2$ is a notation for
“if $u_1 = u_2$ then $v_1$ else $v_2$.”


Axiom scheme (C4) deals with the second kind of type error in the language. The
first type error can be thought of as “trying to use an atom, where a function was
expected.” The type error corresponding to (C4) is, in a sense, the opposite. Actually,
our intuition in the preceding paragraph is a bit wrong. The problem is that it is not
clear that our proof system can tell for sure when two arbitrary terms are not equal.
Indeed, this relation for the classical $\lambda$-calculus is $\Pi^0_1$-complete. So the intuition for
cond expressed above is a bit ambitious. Here is a second try: $\mathrm{cond}\,u_1 u_2 v_1 v_2$ means “if
$u_1$ and $u_2$ are equal to the same numeral then $v_1$, if they are equal to different numerals
then $v_2$.”


But what about when one or both of them are not equal to numerals? The behavior
we intend is that if the evaluator can determine that this situation exists, then a type
error occurs. This brings up the question of when the evaluator can be sure that a
term is not equal to a numeral. The answer we propose is when it is a $\lambda$-abstraction,
i.e. of the form $\lambda x.u$. The purpose of (C4) is to produce such type errors. Why
can’t $\lambda$-abstractions be equal to numerals? It is not due to semantic problems that we
disallow it. Instead we disallow it for two reasons: first, it is not clear that we could get
a well behaved reduction system (one with the Church-Rosser property, as defined in
chapter 4), if we did allow it; second, it would go against our intuition of what is meant
by a numeral. That is, a numeral is something that should not be applied to a term,
while $\lambda$-abstractions can be applied to terms by means of ($\beta$). Once we have made this
decision, we can structure our evaluator so that if it tries to evaluate a $\lambda$-abstraction
at top level, it stops, since it knows that the term cannot be equal to a numeral. This
allows evaluation to terminate on more terms than otherwise.


Finally, the purpose of (C3) is to make sure that if the evaluator encounters a
type error while evaluating one of the two terms to be compared, then the result of
the whole thing is a type error. It is analogous to the $*u = *$ part of (E) above.


Note that these axioms require parallel evaluation of the terms to be compared in
a cond. That is, if we have $\mathrm{cond}\,u_1 u_2 v_1 v_2$, and the evaluation of $u_1$ does not terminate,
then if the evaluation of $u_2$ leads to a type error, we want the whole term to be $*$. The
same is true if we reverse the roles of $u_1$ and $u_2$. Thus, we cannot evaluate either $u_1$ or
$u_2$ before the other. If we simplify our evaluator to do sequential evaluation of $u_1$ and
$u_2$, then the axioms might be slightly modified: we must essentially provide an axiom
for each possible outcome of the result of evaluating $u_1$. For a sequential evaluator,
(C3) and (C4) would be replaced by the following:


(C3′)   $\mathrm{cond}\,{*}\,u\,v\,w = *$
(C4′)   $\mathrm{cond}\,(\lambda x.u)\,u_1 v_1 v_2 = *$
(C3″)   $\mathrm{cond}\,a\,{*}\,u\,v = *$, if $a$ is a numeral
(C4″)   $\mathrm{cond}\,a\,(\lambda x.u)\,v_1 v_2 = *$, if $a$ is a numeral


So let us summarize what $\mathrm{cond}\,u_1 u_2 v_1 v_2$ means: “Evaluate $u_1$ and $u_2$ in parallel. If
they evaluate to equal numerals, then $v_1$. If they evaluate to unequal numerals then $v_2$.
If either one of them evaluates to a $\lambda$-abstraction, then this is a run-time type error. If
the evaluation of either one of them causes a run-time type error then we preserve that
run-time type error.” Notice that we leave unspecified what happens if the evaluation
of both $u_1$ and $u_2$ result in terms that are neither numerals nor $\lambda$-abstractions, and do
not cause type errors. Different models will do different things in this case.
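

The behaviour discussed in this section can be exercised with a small interpreter. This is an added example, not the paper's evaluator: it evaluates leftmost (call-by-name) using (β), (E), (C1), (C2) and the sequential variants (C3′) through (C4″) rather than parallel evaluation. The Python term classes, the step budget `fuel` and the sample terms are assumptions of the example.

```python
from dataclasses import dataclass
from itertools import count

# Term representation (this example's own choice, not the paper's).
@dataclass(frozen=True)
class Var:
    name: str

@dataclass(frozen=True)
class Atom:            # atomic constant (numeral), an element of ACon
    name: str

@dataclass(frozen=True)
class Const:           # the two special constants: cond and *
    name: str

@dataclass(frozen=True)
class Lam:
    var: str
    body: object

@dataclass(frozen=True)
class App:
    fn: object
    arg: object

COND, ERR = Const("cond"), Const("*")

class OutOfFuel(Exception):
    """Step budget exhausted: evaluation may not terminate."""

def app(f, *args):
    """Left-nested application: app(f, p, q) is (f p) q."""
    for arg in args:
        f = App(f, arg)
    return f

def free_vars(t):
    if isinstance(t, Var):
        return {t.name}
    if isinstance(t, Lam):
        return free_vars(t.body) - {t.var}
    if isinstance(t, App):
        return free_vars(t.fn) | free_vars(t.arg)
    return set()

def subst(u, x, v):
    """[v/x]u, renaming a bound variable of u when it would capture one in v."""
    if isinstance(u, Var):
        return v if u.name == x else u
    if isinstance(u, App):
        return App(subst(u.fn, x, v), subst(u.arg, x, v))
    if isinstance(u, Lam) and u.var != x:
        var, body = u.var, u.body
        if var in free_vars(v):
            avoid = free_vars(v) | free_vars(body) | {x}
            var = next(f"{u.var}_{i}" for i in count() if f"{u.var}_{i}" not in avoid)
            body = subst(body, u.var, Var(var))
        return Lam(var, subst(body, x, v))
    return u   # constants, atoms, or a lambda that rebinds x

def spine(t):
    """Split h a1 ... an into (h, [a1, ..., an])."""
    args = []
    while isinstance(t, App):
        t, args = t.fn, [t.arg] + args
    return t, args

def evaluate(t, fuel=10_000):
    """Leftmost evaluation; returns a numeral, *, a lambda, or a stuck term."""
    for _ in range(fuel):
        h, args = spine(t)
        if isinstance(h, Lam) and args:                    # (beta), call-by-name
            t = app(subst(h.body, h.var, args[0]), *args[1:])
        elif (isinstance(h, Atom) or h == ERR) and args:   # (E), applied repeatedly
            return ERR
        elif h == COND and len(args) >= 4:
            tested = []
            for arg in args[:2]:                           # sequential, left to right
                val = evaluate(arg, fuel)
                if val == ERR or isinstance(val, Lam):     # (C3'), (C4'), (C3''), (C4'')
                    return ERR
                if not isinstance(val, Atom):
                    return t                               # case the axioms leave open
                tested.append(val)
            branch = args[2] if tested[0] == tested[1] else args[3]   # (C1) / (C2)
            t = app(branch, *args[4:])
        else:
            return t
    raise OutOfFuel(t)

# Constructed sample terms; the names follow the examples in the text.
a, b = Atom("a"), Atom("b")
u, v, w = Var("u"), Var("v"), Var("w")
K = Lam("x", Lam("y", Var("x")))                 # \xy.x
DELTA = Lam("x", App(Var("x"), Var("x")))
OMEGA = App(DELTA, DELTA)                        # a term with no normal form
```

With these sequential rules, `evaluate(app(COND, OMEGA, App(a, u), v, w))` exhausts its step budget, whereas under the parallel reading of (C3) the same term is equal to `*`.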


Definition: Let $T_{AT}$ be all instances of all the above axiom schemes except ($\beta$). Let
$T$ be a set of equations between terms, and let $u$ and $v$ be terms. Let $T \vdash u = v$ be
the proof relation in classical $\lambda$-calculus, i.e. $u = v$ follows from $T$ using just ($\beta$) and
the rules. Then we say $T$ proves $u = v$ if $T \cup T_{AT} \vdash u = v$. A set of equations $T$
between terms of AT is a theory if the set $T \cup T_{AT}$ is a classical $\lambda$-theory (i.e. contains
all instances of ($\beta$) and is closed under application of the rules). A set of equations $T$
between terms of AT is inconsistent if for every equation $u = v$, $T \cup T_{AT} \vdash u = v$
(which is to say that $T \cup T_{AT}$ is inconsistent in classical $\lambda$-calculus). Otherwise, $T$ is
consistent.


Note that a necessary condition for $T$ to be consistent is that for all $a_1, a_2 \in ACon$,
when $a_1$ and $a_2$ are different symbols, we do not have that $T$ proves $a_1 = a_2$.
For if so, then if $u = v$ is an arbitrary equation, we can show that $T$ proves $u = v$.
First, by (C2) we have $T$ proves $\mathrm{cond}\,a_1 a_2 u\,v = v$. Next by repeated applications of
(cong) we can show that

$T$ proves $\mathrm{cond}\,a_1 a_2 u\,v = \mathrm{cond}\,a_1 a_1 u\,v$.

But by (C1) we have $T$ proves $\mathrm{cond}\,a_1 a_1 u\,v = u$, hence by repeated applications of
(trans & sym) the result follows.


3. Semantics 


We now define what a model for this language is, along with a denotational
semantics [STOY77]. The model is a combinatory model as in [MEYER82], with
extra structure added to take care of the behavior of atoms. Combinatory models are
models of classical $\lambda$-calculus. Our semantics is also taken from the usual semantics
of $\lambda$-calculus. This approach is somewhat similar to defining a group as a first order
structure satisfying some nonlogical axioms. Completeness of these axioms with respect
to groups then follows from completeness of first order logic. In our case, the classical
$\lambda$-calculus and combinatory models are in the same relation to each other as logic
would be to a first-order definable structure. The axiom schemes (E), (C1), (C2), (C3),
and (C4) correspond to the group axioms.


First we recall the definition of combinatory model from [MEYER82]. These serve
as models for the classical $\lambda$-calculus.


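Definition: A combinatory model $D$ is a tuple $(D, \cdot, \varepsilon)$ where $\cdot$ is a binary operation on
$D$, and there exist $K, S \in D$ such that
(CM.1) For all $d_1, d_2 \in D$, $(K \cdot d_1) \cdot d_2 = d_1$.
(CM.2) For all $d_1, d_2, d_3 \in D$, $((S \cdot d_1) \cdot d_2) \cdot d_3 = (d_1 \cdot d_3) \cdot (d_2 \cdot d_3)$.
(CM.3) For all $d_1, d_2 \in D$, $(\varepsilon \cdot d_1) \cdot d_2 = d_1 \cdot d_2$.
(CM.4) If for all $d \in D$, $d_1 \cdot d = d_2 \cdot d$ then $\varepsilon \cdot d_1 = \varepsilon \cdot d_2$.


In what follows, we write $d_1 d_2$ for $d_1 \cdot d_2$ and $d_1 d_2 \cdots d_n$ for $(\cdots(d_1 \cdot d_2) \cdots \cdot d_n)$.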


Given a combinatory model $D = (D, \cdot, \varepsilon)$, let $\iota$ be an interpretation of constants,
i.e. a map from $C$ to $D$. Let $Env = Var \to D$. For $\rho \in Env$, $x \in Var$, and $d \in D$ let
$\rho\{d/x\} \in Env$ be that function such that
$\rho\{d/x\}(x) = d$, and
$\rho\{d/x\}(y) = \rho(y)$, for $y \neq x$.


The function $\mathcal{E}_{D,\iota} : \Lambda(C) \to Env \to D$ is the semantic function for $\lambda$-terms in a
combinatory model from [MEYER82]. As a notational convenience we write $\mathcal{E}_{D,\iota}[\![u]\!]\rho$
as simply $[\![u]\!]\rho$, when no confusion results.


Definition: The denotational semantics for $\lambda$-terms.
(DS.1) $[\![c]\!]\rho = \iota(c)$, for $c \in C$.
(DS.2) $[\![x]\!]\rho = \rho(x)$, for $x \in Var$.
(DS.3) $[\![uv]\!]\rho = ([\![u]\!]\rho)([\![v]\!]\rho)$.
(DS.4) $[\![\lambda x.u]\!]\rho = \varepsilon\delta$, where $\delta \in D$ is such that for all $d \in D$, $\delta d = [\![u]\!]\rho\{d/x\}$. (By
       definition of $\varepsilon$ in a combinatory model, $\varepsilon\delta$ is independent of the choice of such
       a $\delta$. Furthermore, it is shown in [MEYER82] that such a $\delta$ must exist if $D$ is a
       combinatory model.)


To serve as models for AT we allow only certain types of combinatory models and
certain types of constant mappings, $\iota$:


Definition: An atomic combinatory model (acm) $A$ is a tuple $(D, \cdot, \varepsilon, D_A, *^D, \gamma)$, where
$*^D, \gamma \in D$ and:
(ACM.1) $(D, \cdot, \varepsilon)$ is a combinatory model.
(ACM.2) $D_A \subseteq D$ is a set whose elements are called atoms.
(ACM.3) For all $d \in D$, all $a \in D_A \cup \{*^D\}$, $a \cdot d = *^D$.
(ACM.4) For all $a \in D_A$, all $d_1, d_2 \in D$, $\gamma a a d_1 d_2 = d_1$.
(ACM.5) For all $a_1, a_2 \in D_A$, $a_1 \neq a_2$, all $d_1, d_2 \in D$, $\gamma a_1 a_2 d_1 d_2 = d_2$.
(ACM.6) For all $d_1, d_2, d_3 \in D$, $\gamma *^D d_1 d_2 d_3 = \gamma d_1 *^D d_2 d_3 = *^D$.
(ACM.7) For all $d_1, d_2, d_3, d_4 \in D$, $\gamma (\varepsilon d_1) d_2 d_3 d_4 = \gamma d_1 (\varepsilon d_2) d_3 d_4 = *^D$.


The subset $D_A$ of $D$ will serve as values for the atomic constants, that is, they are the
atoms of $D$. An acm is simply a combinatory model that satisfies the axiom schemes
(E) and (C1) through (C4), if $*^D = [\![*]\!]\rho$ and $\gamma = [\![\mathrm{cond}]\!]\rho$, for all $\rho$. That this happens
is guaranteed by our choice of constant mapping functions $\iota$:


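Definition: Let $A = (D, \cdot, \varepsilon, D_A, *^D, \gamma)$ be an acm. A function

$\iota : Con \cup ACon \cup \{\mathrm{cond}, *\} \to D$

is called an interpretation if
(I.1) $\iota(\mathrm{cond}) = \gamma$.
(I.2) $\iota(*) = *^D$.
(I.3) $\iota(a) \in D_A$, for every $a \in ACon$.
(I.4) $\iota(a_1) \neq \iota(a_2)$ if $a_1$ and $a_2$ are different.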


Definition: Let $D$ be a combinatory model and $\iota : C \to D$ a constant mapping. Let
$u, v \in \Lambda(C)$. Recall that $\models_{D,\iota} u = v$ if for all $\rho \in Env$, $[\![u]\!]\rho = [\![v]\!]\rho$. If $T$ is a
set of equations between terms of $\Lambda(C)$, we write $\models_{D,\iota} T$ if $\models_{D,\iota} t$ for all $t \in T$. If
$T$ is a set of equations between terms of $\Lambda(C)$, write $T \models u = v$ if for all $D$ and $\iota$,
whenever $\models_{D,\iota} T$ then $\models_{D,\iota} u = v$. If $T$ is a set of equations between terms of AT,
and $u, v \in AT$ then we say $T$ semantically implies $u = v$ if $T \cup T_{AT} \models u = v$.


Definition: Let $D$ be a combinatory model, and $\iota : C \to D$ a constant mapping. Then
define

$Th(D, \iota) = \{u = v : u, v \in \Lambda(C),\ [\![u]\!]\rho = [\![v]\!]\rho \text{ for all } \rho\}.$

The two theorems below are from Meyer [MEYER82].


Theorem: (Soundness Theorem for $\Lambda(C)$) If $T \vdash u = v$ then $T \models u = v$. (From
which it follows that for any combinatory model $D$ and any constant mapping
function $\iota$, $Th(D, \iota)$ is a $\lambda$-theory.)


Theorem: (Completeness Theorem for $\Lambda(C)$) For any $\lambda$-theory $T$, there is a
combinatory model $D$ and a constant mapping function $\iota$, such that $T = Th(D, \iota)$.
(From which it follows that for any set of equations $T$, if $T \models u = v$ then
$T \vdash u = v$.)


That our proof system is complete now follows directly from Meyer’s results, just
as in group theory we know that the axioms for groups are complete for the class
of groups by virtue of the fact that first order logic is complete. The axioms $T_{AT}$
correspond to the axioms for groups.


Theorem 3.1: (Soundness Theorem for AT) If $T$ proves $u = v$ then $T$ semantically
implies $u = v$. (From which it follows that for any acm $A$ and any interpretation
$\iota$, $Th(A, \iota)$ is a theory.)


Theorem 3.2: (Completeness Theorem for AT) For any consistent theory $T$, there
is an acm $A$ and an interpretation $\iota$, such that $T = Th(A, \iota)$. (From which it
follows that for any set of equations $T$, if $T$ semantically implies $u = v$ then $T$
proves $u = v$.)


4. Reduction 


In the two preceding sections, we have presented a proof system and a notion of
model, and shown that the proof system is complete for that notion of model. We now
turn to reduction, which comes closer to the computational aspect of terms.


What are the terms to be used for? We want to use the terms to write programs.
In this section, we explore an interpreter for those programs. All that the interpreter
cares about in a term is whether it is provably equal to a numeral. If so, its job is to find
that numeral.


With this in mind we introduce a notion of reduction. First, we define the notion
of a context.


Definition: A context is a term of AT with a “hole” in its parse tree. Formally, let $\bigcirc$
be a new symbol. Then a context $C[\,]$ is a term of

$\Lambda(ACon \cup Con \cup \{\mathrm{cond}, *, \bigcirc\})$.

If $u$ is a term of AT, and $C[\,]$ a context, then $C[u]$ denotes the result of replacing,
without renaming bound variables, every occurrence of the symbol $\bigcirc$ in $C[\,]$ with $u$.
For example, if $C[\,] = \lambda x.\bigcirc$, then $C[x] = \lambda x.x$. This is in contrast to substitution:
$[x/\bigcirc]\lambda x.\bigcirc = \lambda x'.x$, where $x'$ is a fresh variable different from $x$.


Definition: A notion of reduction $R$ is a binary relation between terms of AT. Given
$R$, define the relation $\to_R$ as

$\{(C[u], C[v]) : C[\,] \text{ is a context and } (u, v) \in R\}.$

The relation is written in infix notation. If $u \to_R v$ we say $u$ reduces in one step to $v$.
The relation $\to_R^*$ is the reflexive, transitive closure of $\to_R$. If $u \to_R^* v$ then we say that
$u$ reduces to $v$, or $v$ is a reduction of $u$.


Lemma 4.1: Let $C[\,]$ be a context. If $u \to_R v$ then $C[u] \to_R C[v]$. Also if $u \to_R^* v$
then $C[u] \to_R^* C[v]$.


Proof: If $u \to_R v$ then there exists $(u', v') \in R$ and a context $C'[\,]$, such that $u = C'[u']$
and $v = C'[v']$. But then $C[u] = C[C'[u']]$ and $C[v] = C[C'[v']]$. But then as $C[C'[\,]]$
is also a context and by definition of $\to_R$, we have $C[u] \to_R C[v]$. The other statement
follows by induction on the number of steps it takes to reach $v$ from $u$. $\blacksquare$


When $u$ is reduced to $v$ we can think of this as a computation step. If the notion
of reduction is reasonable, then we are never led down any “blind alleys,” that is, if a
term is reduced in two different ways to yield two different terms, then it is possible to
reduce each of these terms to the same term. This is the definition of the Church-Rosser
property, as defined in Barendregt [BAR80].


Definition: A notion of reduction $R$ is Church-Rosser if whenever a term $u$ reduces
to both $v_1$ and $v_2$, then there exists a term $u'$ that is a reduction of both $v_1$ and $v_2$.


We will choose our notion of reduction so that it captures the proof system
presented above (in a way that will be made precise) for a given set of equations $T$,
and is Church-Rosser. A set of equations $T$ is called simple if they are of the form:
(i) $c_1 c_2 = c_3$, where $c_i \in ACon \cup Con$ and $c_1 \notin ACon$, or
(ii) $c_1 * = *$, where $c_1 \in Con$.


We also require that for every equation $c_1 c_2 = c_3$ in $T$, the equation $c_1 * = *$ is also
in $T$. If $c_1 c_2 = c_3 \in T$, we say that $c_1$ is an active constant, since then the reduction
system has rules for applying it to arguments. A set of equations of this form can be
thought of as specifying the behavior of builtin functions on the numerals and on each
other. Requirement (ii) says that builtin functions cannot ignore type errors, i.e. if we
get a type error while evaluating the argument to a builtin function, then the whole
term is equal to $*$.


Definition: Our notion of reduction $R$ is

$R_\beta \cup R_E \cup R_{C1} \cup R_{C2} \cup R_{C3} \cup R_{C4} \cup R_T$,

where

$R_\beta = \{(u, v) : u = v \text{ is an instance of axiom scheme } \beta\}$,
similarly for all the other axiom schemes and
$R_T = \{(u, v) : u = v \in T\}$.


We will abbreviate $\to_{R_\beta}$ as $\to_\beta$ and similarly for the other notions of reduction.
We are working toward the following result:


Theorem 4.2: (Church-Rosser Theorem for $R$) The notion of reduction $R$ defined
above is Church-Rosser.

The following definition and two results are taken from Barendregt [BAR80].


Theorem 4.3: The notion of reduction $R_\beta$ is Church-Rosser.


Definition: Let $R_1$ and $R_2$ be two notions of reduction. We say $R_1$ commutes with $R_2$
if whenever there exist terms $u$, $v_1$, and $v_2$ such that $u \to_{R_1}^* v_1$ and $u \to_{R_2}^* v_2$, then
there is a term $u'$ such that $v_1 \to_{R_2}^* u'$ and $v_2 \to_{R_1}^* u'$.


Lemma 4.4: (Lemma of Hindley-Rosen): If $R_1$ and $R_2$ are two Church-Rosser notions
of reduction, and $R_1$ commutes with $R_2$, then the notion of reduction $R_1 \cup R_2$ is
Church-Rosser.


The Lemma of Hindley-Rosen can be generalized to work for any number of notions
of reduction:

Lemma 4.5: If $R$ commutes with $R_i$ for $1 \le i \le n$, then $R$ commutes with $\bigcup_{i=1}^n R_i$.

Proof: We abbreviate $\bigcup_{i=1}^n R_i$ by $\bigcup R_i$. We must show that if $u$ $R$-reduces to $v_1$,
and $u$ $(\bigcup R_i)$-reduces to $v_2$, then there exists $u'$ which is an $R$-reduction of $v_2$ and a
$(\bigcup R_i)$-reduction of $v_1$. The proof is by induction on the number of steps it takes to
reduce $u$ to $v_2$.


The base case is when it takes 0 steps, i.e. $v_2 = u$. Then the desired $u'$ is just $v_1$:
by assumption it is an $R$-reduction of $v_2$, and since it is equal to $v_1$ it is certainly a
$(\bigcup R_i)$-reduction of $v_1$.


Suppose now that the lemma is true when $u$ reduces to $v_2$ in $k$ steps; we prove it
for $k+1$. Then we must have a term $v_2'$ that is a $(\bigcup R_i)$-reduction of $u$ in $k$ steps,
and without loss of generality we can assume that $v_2'$ $R_1$-reduces in one step to $v_2$
(otherwise interchange the names of the $R_i$). Then by induction there is a term $u''$
that is an $R$-reduction of $v_2'$ and is a $(\bigcup R_i)$-reduction of $v_1$. But then as $R$ commutes
with $R_1$, there is a term $u'$ which is an $R$-reduction of $v_2$ and an $R_1$-reduction of $u''$.
But since $u''$ is a $(\bigcup R_i)$-reduction of $v_1$ and $u'$ is an $R_1$-reduction of $u''$, we have that
$u'$ is a $(\bigcup R_i)$-reduction of $v_1$, so it is the desired $u'$.


Lemma 4.6: Let $R_1, \ldots, R_n$ be a sequence of Church-Rosser notions of reduction,
where $R_i$ commutes with $R_j$ for $1 \le i < j \le n$. Then the notion of reduction
$R_1 \cup \cdots \cup R_n$ is Church-Rosser.


Proof: Induction on $n$. For $n = 2$ this is the Lemma of Hindley-Rosen. Suppose the
lemma is true for $n < k$. Consider now $n = k$. Then by the induction hypothesis,
$R_1 \cup \cdots \cup R_{k-1}$ is Church-Rosser. However by the previous lemma $R_k$ commutes with
$R_1 \cup \cdots \cup R_{k-1}$. Hence by Hindley-Rosen, $(R_1 \cup \cdots \cup R_{k-1}) \cup R_k$ is Church-Rosser,
which completes the proof of the lemma. $\blacksquare$


Definition: A reduction relation has the diamond property if whenever $u$ reduces in
one step to both $v_1$ and $v_2$, there is a term $u'$ which is reducible in at most one step
from both $v_1$ and $v_2$.

The next Lemma is from Barendregt [BAR80].


Lemma 4.7: If $R$ has the diamond property then $R$ is Church-Rosser.


Definition: Let $R$ be a notion of reduction. If $(u, v) \in R$ then the term $u$ is called a
redex and the term $v$ is called its reduct. When we refer to a redex $r$ of a term $u$, we
are referring to a particular occurrence of a redex $r$ as a subterm of $u$.


Let us consider now

$R_E \cup R_{C1} \cup R_{C2} \cup R_{C3} \cup R_{C4} \cup R_T$.

This notion of reduction has the following reduction properties:
1. A reduct is either a constant, or a subterm of the redex.
2. If $u$ is a redex of $C[u]$, with reduct $v$, and $C[u]$ is a redex with reduct $w$, then:
   2.1. If $w$ does not contain $u$, then $C[v]$ is also a redex whose reduct is $w$.
   2.2. If $w$ does contain $u$, i.e. $w = C'[u]$, then $C[v]$ is a redex whose reduct is
        $C'[v]$.


This is enough to show that the above notion of reduction has the diamond
property, i.e.:


Lemma 4.8: $R_E \cup R_{C1} \cup R_{C2} \cup R_{C3} \cup R_{C4} \cup R_T$ is Church-Rosser.


Proof: We show that it has the diamond property. Suppose a term $u$ has two redexes,
$r_1$ and $r_2$. Then there are two cases to consider:
1. The redexes $r_1$ and $r_2$ are disjoint. In this case the redexes can be reduced in
   either order, yielding the same term.
2. One redex occurs inside another. Without loss of generality, assume that $r_2$
   occurs inside $r_1$. Then there are two subcases:
   2.1. The reduct of $r_1$ does not contain $r_2$. Then by the above reduction
        properties, if we first reduce $r_2$ and then reduce the resulting term, we
        get the same term as if we simply reduced $r_1$.
   2.2. The reduct of $r_1$ contains $r_2$. Then $r_1$ is $C[r_2]$, and the reduct of $r_1$ is
        $C'[r_2]$. Suppose the reduct of $r_2$ is $r$. Then if we first reduce $r_1$ we get
        $C'[r_2]$. If we first reduce $r_2$ we get $C[r]$. But we can reduce $C'[r_2]$ to get
        $C'[r]$ and by the above reduction properties, we can reduce $C[r]$ to $C'[r]$.


Since this notion of reduction has the diamond property it is Church-Rosser. $\blacksquare$

At this point we know that R_β is Church-Rosser, and the rest of the notions of
reduction, taken together, are Church-Rosser. We will show that all the notions of
reduction, taken together, are Church-Rosser, using the lemma of Hindley-Rosen. So
we must establish that R_β commutes with the rest of the reduction notions. By Lemma
4.5, it suffices to show that R_β commutes with all the other notions of reduction.


Just as we used the diamond property to show that a notion of reduction is
Church-Rosser, we define a property of two notions of reduction that will ensure that
they commute. The definition and the following lemma are taken from Barendregt
[BAR80].


Definition: Two notions of reduction, R_1 and R_2, have the cross diamond property, if
whenever there are terms u, v_1, and v_2, such that u R_1-reduces in one step to v_1 and
R_2-reduces in one step to v_2, then there is a term u' that is R_1-reducible from v_2 in at
most one step, and is R_2-reducible from v_1 (in any number of steps).


Lemma 4.9: If two notions of reduction have the cross diamond property then they
commute.


Now we can show that R_β commutes with all the other notions of reduction by
showing that R_β and each of the other notions enjoy the cross diamond property.
Unfortunately, to show this is rather tedious, it being a case by case analysis of how
redexes can overlap. Therefore, we will show one case; the rest are similar.


Lemma 4.10: R_β and R_E commute.


Proof: We show that they have the cross diamond property. There are two cases.

1. A β-redex occurs inside an E-redex. Then the E-redex is of the form uC[(λz.v)w],
where u ∈ ACon ∪ {*}. If we do the E-reduction first we get *. If we do the
β-reduction first, we get uC[([w/z]v)], which is an E-redex with reduct *.

2. An E-redex occurs inside a β-redex. Then there are two subcases:

2.1. The β-redex is of the form (λz.w)C[uv], where u ∈ ACon ∪ {*}. Then
if we first do the E-reduction we get (λz.w)C[*], and we can then do
a β-reduction to get [C[*]/z]w. On the other hand if we first do the
β-reduction, we get [C[uv]/z]w, and we can then do a series of E-reductions,
one for every free z in w, to ultimately yield [C[*]/z]w.

2.2. The β-redex is of the form (λz.C[uv])w, where u ∈ ACon ∪ {*}. Then
if we E-reduce first we get (λz.C[*])w, and we can then β-reduce to
get [w/z](C[*]), which is C'[*], where C'[] is the result of renaming the
bound variables in C[] and substituting w for free occurrences of z. On
the other hand if we β-reduce first we get [w/z](C[uv]). Now this is equal
to C'[uv'], where v' is the result of substituting w for all occurrences of z
in v that are free in C[uv]. But as uv' is an E-redex, we may reduce it
to get C'[*], as before.

This shows that R_β and R_E have the cross diamond property, and therefore commute.


Theorem 4.2 now follows from Lemma 4.3, Lemma 4.8, Lemma 4.4, and Lemma
4.10 (and the other omitted cases).


Theorem 4.11: If T is a simple set of equations, then T ⊢ u = v if and only if there
is a term w that is reducible from both u and v.


Proof: Suppose w is reducible from both u and v. Since all the notions of reduction
are instances of axiom schemes or equations in T, by rules (cong) and (ξ), if u reduces
to u' in one step then T ⊢ u = u', hence by rule (trans & sym) if u reduces to w
then T ⊢ u = w. Then if w is reducible from both u and v then T ⊢ u = w and
T ⊢ v = w and then by rule (trans & sym), T ⊢ u = v.


Conversely, suppose T ⊢ u = v. We use induction on the length of proof. If the
length is 0, then u = v is either an instance of an axiom scheme, or an equation in T.
In either case u reduces to v in one step, so the desired term w is just v. Otherwise,
u = v follows via a rule, from equations that have shorter proofs. We consider one
rule at a time.


(trans & sym) Then T ⊢ r = u and T ⊢ r = v for some term r. By induction,
then, there are terms w_1 reducible from r and u and w_2 reducible from r and v. But
since w_1 and w_2 are both reducible from r, by the Church-Rosser property there is a
term w reducible from both w_1 and w_2. But this term is then reducible from both u
and v.


(ξ) Then u is of the form λz.u' and v is of the form λz.v', where T ⊢ u' = v'. By
induction, then, there is a term w', which is reducible from both u' and v'. But then
the term w = λz.w' is reducible from both u and v, by Lemma 4.1, using context
λz.□.


(cong) Then u is of the form u_1 u_2 and v is of the form v_1 v_2, where T ⊢ u_1 = v_1 and
T ⊢ u_2 = v_2. Then there exist terms w_1 and w_2 such that w_i is reducible from both
u_i and v_i. Then from Lemma 4.1, using context u_1 □, we get that u_1 w_2 is reducible
from u_1 u_2. Again using Lemma 4.1, with context □ w_2, we get that w_1 w_2 is reducible
from u_1 w_2. Hence w_1 w_2 is reducible from u_1 u_2. Similarly, we can show that w_1 w_2 is
reducible from v_1 v_2, so w = w_1 w_2 is the desired term. ∎


5. Evaluation 


If, as remarked above, we view reduction of a term as a computational step, the
results of the preceding chapter tell us how to build a naive evaluator for our language.
Namely, start with a term and try all possible reduction sequences. If we arrive at a
term that can no longer be reduced, then stop. The Church-Rosser theorem guarantees
that this term will be unique.


However, this evaluator is a bit unsatisfying. First of all, since we must remember
the state of several reduction sequences at once, its demands on memory are great.
Secondly, it will be slow, since it is doing breadth-first search of a tree, without using
any heuristics to narrow down to the goal. And lastly, it gives us no insight into what
a run-time type error is, since it might do several E-reductions, and ultimately arrive
at a term which is not *.


All that we require of an evaluator is that if a term is provably equal to a numeral
from T (by Church-Rosser theorem, it must therefore reduce to that numeral) then
the evaluator will find that numeral. We don't care what the evaluator does with a
term that is not equal to a numeral, just so long as it doesn't return a numeral. That
is all that we require. However, there are certain things that we desire. One is that
the evaluator terminate on as many terms as possible. Second is a notion of type error
that coincides with the use of * in the axioms (of course, this is the chicken and egg
phenomenon).


As was remarked in Chapter 2, the parallel nature of cond will complicate things,
since the evaluator cannot simply evaluate one arm of the cond before the other. In
fact, if we were using the sequential axioms, (C3'), (C4'), (C3''), and (C4''), then the
evaluator which always reduces the leftmost redex would be normalizing, i.e. if a term
u was equal to a term v which had no redexes, then this evaluator would reduce u to
v.


Unfortunately, life is not so simple, and we cannot get away with such a simple
evaluator. Due to the parallel nature of cond, we are forced to consider a parallel
evaluator, that is, an evaluator which at every step reduces a set of disjoint redexes
(since the redexes are disjoint, the order in which they are reduced does not matter,
indeed, they may be reduced at the same time, which is why the evaluator is called
parallel). Parallel evaluators were considered by [LEVY80].


Definition: A term of the form cond u_1 u_2 u_3 u_4 is called a cond-expression.


We now describe the evaluator EVAL : AT → AT. If u is a term of AT, EVAL(u)
is a term which is reducible from u. If EVAL(u) = u then the evaluator is said to halt
on u. The evaluator is repeatedly applied until a term is reached where it halts. This
process is called EVAL-uation.


Definition: The evaluator EVAL:
1. If u is a redex, then EVAL(u) is its reduct.
2. If u is a cond-expression cond u_1 u_2 v_1 v_2 then
EVAL(u) = cond EVAL(u_1) EVAL(u_2) v_1 v_2.
3. If u is λz.v then EVAL(u) = λz.EVAL(v).
4. If u is u_1 u_2, where u_1 ∈ Var ∪ Con then EVAL(u) = u_1 EVAL(u_2).
5. If u = (u_1 u_2) u_3 then EVAL(u) = EVAL(u_1 u_2) u_3.
6. Otherwise EVAL(u) = u.

In English, EVAL works as follows: it looks for the leftmost redex or
cond-expression; if it is a redex, it reduces it, if it is a cond-expression, it calls itself
recursively on the two "arms" of the cond-expression.


Normalization Claim: EVAL is a normalizing evaluator. That is, if u = v is
provable from T and v has no redexes (is in normal form), then the EVAL-uation of
u yields v, and if EVAL(u) = u then u is in normal form.


It is hoped that this can be shown using some notion of standard reduction, in the same
way that the Standardization Theorem is proved for classical λ-calculus [BAR80]. At
present, there was not time to prove this claim.


Even though EVAL is normalizing, it is still not the evaluator we want for AT.
Recall that all we required of an evaluator is that if a term was equal to a numeral, it
found that numeral. Since numerals are normal forms, and EVAL is normalizing, it
accomplishes that goal. But it will not terminate on lots of terms which we can be sure
are not numerals, for example

u = λz.(λy.yy)(λy.yy)

has no normal form, so the EVAL-uation of u will never stop, yet since u is a
λ-abstraction, it can never be a numeral. To fix this problem, we modify EVAL so that
it never looks inside a λ-abstraction.


Definition: In a λ-abstraction λz.u the term u is said to be the scope of the λ.


Definition: The evaluator EVAL' is defined as follows:
1. If u is a redex, then EVAL'(u) is its reduct.
2. If u is a cond-expression cond u_1 u_2 v_1 v_2 then
EVAL'(u) = cond EVAL'(u_1) EVAL'(u_2) v_1 v_2.
3. If u is u_1 u_2, where u_1 is an active constant then EVAL'(u) = u_1 EVAL'(u_2).
4. If u = (u_1 u_2) u_3 then EVAL'(u) = EVAL'(u_1 u_2) u_3.
5. Otherwise EVAL'(u) = u.


The difference between EVAL and EVAL' is that EVAL' does not reduce inside
λ-abstractions and it only evaluates arguments of live constants, since otherwise it
knows that it has no rules for reducing the application. Although EVAL' is now no
longer normalizing (since it halts on λz.(λy.y)z) it still has all that we required of an
evaluator:


Theorem 5.1: If u = v is provable from T and v is a numeral, then the EVAL'-uation
of u yields v.


Proof: We know by the Normalization Claim that the EVAL-uation of u yields v.
Now if clause 3. is used in the EVAL-uation, then on the next pass it must be used
again, since no new redexes or cond-expressions will be created outside the λ. So a
numeral cannot result. Similarly, clause 4. will never be used when u_1 is not a live
constant, since that would result in clause 4. being used again on the next pass, as
nothing new will be created to trigger clauses 1., 2., or 3. Hence the EVAL-uation of
u is also an EVAL'-uation and hence the EVAL'-uation of u yields v. ∎


We now can explain what a run-time type error is, in terms of the evaluator EVAL'.
We say that EVAL' encounters a run-time type error on term u, if in the EVAL'-uation
of u, rule 1. is applied to an (E)-redex or to a (C4)-redex.


Theorem 5.2: Let u be a term which does not contain *. Then EVAL' encounters a
run-time type error on term u, if and only if u = * is provable from T.


Proof: Certainly if u = * then by Church-Rosser it is possible to reduce u to *.
However, since (E) and (C4) are the only reduction rules which create an *, one of
these must be used. Also, by the same reasoning as Theorem 5.1, the evaluation of u
will result in *. Hence, one of the above redexes must be contracted.


For the converse, it suffices to show that if EVAL'(u) results in a type error then u = *.
We argue by cases, on what clause is used to handle EVAL'(u).
1. If a type-error results then the redex is either an (E)-redex or a (C4) redex. Then
the reduct is * so u = *.
2. Then u = cond u_1 u_2 v_1 v_2 and either EVAL'(u_1) or EVAL'(u_2) results in a type
error. By induction, then either u_1 or u_2 is equal to *. Hence u = *, by (C3).
3. Then u = u_1 u_2 and EVAL'(u_2) results in a type error. Then by induction
u_2 = *. So by the restrictions on T, u_1 * = * ∈ T, so u = *.
4. Then u = (u_1 u_2) u_3 and EVAL'(u_1 u_2) results in a type error. By induction,
then, u_1 u_2 = * so by axiom scheme (E), u = *.
5. This cannot cause a type error.
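
An added example, not code from the paper: EVAL' written as a Python step function over closed terms and run on the Pred term of Lemma 6.5, with the run-time type error of Theorem 5.2 reported as a flag. The tuple encoding, the function names, the bound variable x in Y and the fuel bound are assumptions made here; the cond axioms are stated in a chapter not reproduced in this section, so the (C1)-(C4) rules in `reduct` are assumptions inferred from how this section uses cond (equal atoms select the first arm, distinct atoms the second, * in a test gives *, a λ-abstraction in a test gives *).

```python
# Encoding (constructed for this example): an int is an atom (numeral); "Succ", "cond"
# and "*" are constants; compound terms are ("var", x), ("lam", x, body), ("app", f, a).
ERR = "*"

def var(x): return ("var", x)
def lam(x, body): return ("lam", x, body)
def is_lam(t): return isinstance(t, tuple) and t[0] == "lam"
def is_app(t): return isinstance(t, tuple) and t[0] == "app"
def app(f, *args):
    for a in args:                                 # app(f, a, b) is (f a) b
        f = ("app", f, a)
    return f

def subst(t, x, s):
    """[s/x]t with no renaming; sound here because s is always closed."""
    if not isinstance(t, tuple):
        return t
    if t[0] == "var":
        return s if t[1] == x else t
    if t[0] == "lam":
        return t if t[1] == x else lam(t[1], subst(t[2], x, s))
    return ("app", subst(t[1], x, s), subst(t[2], x, s))

def spine(t):
    args = []                                      # (h a1 ... an) -> (h, [a1, ..., an])
    while is_app(t):
        args.append(t[2])
        t = t[1]
    return t, args[::-1]

def reduct(t):
    """Return (reduct, rule name) if t itself is a redex, else None."""
    if not is_app(t):
        return None
    f, a = t[1], t[2]
    if is_lam(f):                                  # (beta)
        return subst(f[2], f[1], a), "beta"
    if isinstance(f, int) or f == ERR:             # (E): atom or * applied
        return ERR, "E"
    if f == "Succ" and (isinstance(a, int) or a == ERR):   # T: Succ n = n+1, Succ * = *
        return (a + 1 if isinstance(a, int) else ERR), "T"
    head, args = spine(t)
    if head == "cond" and len(args) == 4:          # assumed (C1)-(C4)
        u1, u2, v1, v2 = args
        if ERR in (u1, u2):
            return ERR, "C3"
        if is_lam(u1) or is_lam(u2):
            return ERR, "C4"
        if isinstance(u1, int) and isinstance(u2, int):
            return (v1, "C1") if u1 == u2 else (v2, "C2")
    return None

def eval_step(t, log):
    """One pass of EVAL'; each contracted rule's name is appended to log."""
    r = reduct(t)
    if r:                                          # clause 1
        log.append(r[1])
        return r[0]
    if is_app(t):
        head, args = spine(t)
        if head == "cond" and len(args) == 4:      # clause 2: both tests in one pass
            u1, u2 = eval_step(args[0], log), eval_step(args[1], log)
            return app("cond", u1, u2, args[2], args[3])
        if t[1] == "Succ":                         # clause 3: active constant
            return ("app", t[1], eval_step(t[2], log))
        if is_app(t[1]):                           # clause 4
            return ("app", eval_step(t[1], log), t[2])
    return t                                       # clause 5: halt

def evaluate(t, fuel=10_000):
    """Iterate EVAL' until it halts; return (term, type_error_seen)."""
    log = []
    for _ in range(fuel):
        seen = len(log)
        t = eval_step(t, log)
        if len(log) == seen:                       # nothing contracted: EVAL'(t) = t
            return t, any(r in ("E", "C4") for r in log)
    raise RuntimeError("no halt within the fuel bound")

# Pred = Y(λf λz λy.cond z (Succ y) y (f z (Succ y))), the term of Lemma 6.5
W = lam("x", app(var("f"), app(var("x"), var("x"))))
Y = lam("f", app(W, W))
PRED = app(Y, lam("f", lam("z", lam("y", app("cond", var("z"), app("Succ", var("y")),
    var("y"), app(var("f"), var("z"), app("Succ", var("y"))))))))
```

Applying an atom to an atom, `evaluate(app(3, 4))`, contracts an (E)-redex and so reports the type error, while the λ-abstraction λz.(λy.yy)(λy.yy) is returned unchanged because EVAL' never looks inside it.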


6. Expressive Power 


In this chapter, we study the expressive power of a particular language of the type
we have been discussing. In particular, we fix the constants and the set of equations
T, and ask what functions we can represent. Let the language LAM be the language
defined in chapter 2, with the following choice of constants:

ACon = {n : n = 0, 1, 2, ...}.
Con = {Succ}.

Let the language LAM_0 be the language LAM, without cond.
For both LAM and LAM_0, the set of equations T will be
{Succ n = n+1 : n = 0, 1, 2, ...}.


Definition: Let f be an n-ary partial function over the natural numbers. We say that
f is numeral represented by a term u, if
whenever f(i_1,...,i_n) = j then T ⊢ u i_1···i_n = j,
and
whenever f(i_1,...,i_n) is undefined then T ⊬ u i_1···i_n = j, for any j.


Definition: The Church numeral n̅ is defined as follows:
0̅ =df λf λz.z
n̅ =df λf λz.f^(n) z, for n > 0.

We also define what it means for a term to Church-represent a partial function: simply
replace each numeral n by n̅ in the above definition.


Theorem 6.1: The Church-representable partial functions are exactly the partial
recursive functions.

Proof: See Barendregt [BAR80].

We show that we can translate between n and n̅ using terms, and therefore:


Theorem 6.2: The numeral representable partial functions are exactly the partial
recursive functions.

This follows after a few lemmas.


Lemma 6.3: ([BAR80]) There is a term Succ such that for all n, Succ n̅ = n̅+̅1̅.
Proof: An immediate corollary of Theorem 6.1. In fact the term
λy λf λz.f(yfz)
will serve as Succ as is easily shown by induction.

Lemma 6.4: ([BAR80]) There is a term Y (Curry's Paradoxical Combinator) such that
for all u, Yu = u(Yu).
Proof: Y = λf.(λz.f(zz))(λz.f(zz)), since

Yu = (λz.u(zz))(λz.u(zz)) = u((λz.u(zz))(λz.u(zz))) = u(Yu). ∎


Lemma 6.5: There is a term Pred such that for all m > n > 0,
T ⊢ Pred m n = m−1.
Proof: We can write a recursive definition for Pred as follows:
Pred z y = cond z (Succ y) y (Pred z (Succ y)).

In "programming" terms, we check if z is the successor of y, if it is we return y, if not
we increment y and try again. The program must halt if z > y. Writing the above
equation another way, we get
Pred = (λf λz λy.cond z (Succ y) y (f z (Succ y))) Pred.
Then by the previous lemma, the term

Pred = Y(λf λz λy.cond z (Succ y) y (f z (Succ y)))

will behave as desired, as can be checked by induction. ∎


Lemma 6.6: There are LAM terms u and v such that for all n

T ⊢ u n = n̅ and T ⊢ v n̅ = n.
Proof: The term v is simply λz.z Succ 0, since then
v n̅ = n̅ Succ 0 = Succ^(n) 0 = n.
The term u is more complicated. Again, we write a recursive definition:
u z = cond z 0 (0̅) (Succ(u(Pred z))),

or equivalently,

u = (λf λz.cond z 0 (0̅) (Succ(u(Pred z)))) u,
so again we see that

u = Y(λf λz.cond z 0 (0̅) (Succ(u(Pred z))))

will work, as can be verified by induction. ∎


Proof of Theorem 6.2: Let f be an n-ary partial recursive function. Then by
Theorem 6.1 there is a term h which Church-represents f. Let u and v be as in the
preceding lemma. Then the following term will represent f:

λz_1···z_n.v(h(u z_1)···(u z_n)).

By switching the roles of u and v we can show that every representable function is
Church-representable. ∎


So using LAM, we can represent all the numeric functions that we can hope to
represent. We explore now what the situation is if cond is not allowed, that is, what
functions are representable by terms of LAM_0.


Definition: Let π_i^n be the function of n arguments whose value is the ith argument,
i.e.

π_i^n(z_1,...,z_n) = z_i.

For all natural numbers n, let a_n be the function of one argument that adds n to its
argument, and let k_n be the function of one argument whose value is n, i.e.

a_n(z) = z + n
k_n(z) = n.

Let ω be the unary function that is undefined everywhere.


Lemma 6.7: The functions ω∘π_i^n, k_m∘π_i^n, and a_m∘π_i^n are representable by LAM_0
terms, for all natural numbers m, n, and i with 1 ≤ i ≤ n.


Proof: First note that if an n-ary function f is represented by a term F, and a unary
function g is represented by a term G, then the n-ary function g∘f is represented
by λz.G(Fz). Hence it suffices to show that the functions π_i^n, ω, k_n, and a_n are all
representable. But π_i^n is represented by λz_1···z_n.z_i, k_n is represented by λz.n, a_n is
represented by λz.Succ^(n) z, and ω is represented by ((λz.zz)(λz.zz)).


We will show that these simple functions are all the functions that can be
represented by terms of LAM_0. To do this we must analyze the nature of reductions.
Let R' be the notion of reduction R above, restricted to terms of LAM_0, i.e., R' =
R_β ∪ R_E ∪ R_T.


Lemma 6.8: Let R_βE = R_β ∪ R_E. If there are terms u and v of LAM_0 such that
u →*_R' v, then there exists a term w, such that u →*_βE w and w →*_T v, in other
words, we may postpone T-reduction to the very last.
Proof: We will show that T-reduction can be "moved past" the other two types of
reduction, i.e., if
w_1 →_T w_2 →_β w_3
then there is a term w_4 such that
w_1 →_β w_4 →_T w_3,
and similarly for R_E. In other words if a T-reduction occurs before either a β-reduction
(or an E-reduction), then we can replace those two reductions by a β-reduction
(E-reduction respectively) followed by a T-reduction. To see this, note that a T-reduct
is a single constant, therefore cannot contain a β-redex or an E-redex. Therefore any
β-redexes or E-redexes in the reduced term must be disjoint with the original T-redex,
so the reductions could have been carried out in reverse order. ∎


Definition: Let c_1, c_2, ... be new constants of ACon. A term which includes these
constants is said to be a generalized term. If u is a generalized term and f is any total
unary function on the natural numbers then we write f(u) to mean the term of LAM_0
which results from u by replacing each constant c_i by f(i). If f(u') = u for some f
then we say that u' generalizes u.


Lemma 6.9: Let f be a total unary function on natural numbers.
(i) If (u,v) ∈ R_βE then (f(u), f(v)) ∈ R_βE.
(ii) If u →_βE v then f(u) →_βE f(v).
(iii) If u →*_βE v then f(u) →*_βE f(v).
Proof: It suffices to show (i). For then, if u →_βE v then there is a context C[] such
that u = C[u_0], v = C[v_0], and (u_0, v_0) ∈ R_βE. But then by (i), (f(u_0), f(v_0)) ∈ R_βE
and since f(u) = f(C)[f(u_0)] and f(v) = f(C)[f(v_0)] we have that f(u) →_βE f(v),
showing (ii). To show (iii), we proceed by induction using (ii).


To show (i), we proceed by cases. If (u,v) ∈ R_E, then u is of the form c u_0 where
c ∈ ACon ∪ {*}, and v = *. Then f(u) is of the form c' f(u_0), where c' is either c or a
new constant c_i, and f(v) = *. But as c_i ∈ ACon, we again have (f(u), f(v)) ∈ R_E.

If (u,v) ∈ R_β, then u = (λz.u_0)v_0, v = [v_0/z]u_0. But then f(u) = (λz.f(u_0))f(v_0) and
f(v) = [f(v_0)/z]f(u_0). Hence, (f(u), f(v)) ∈ R_β. ∎


Lemma 6.10: Suppose u and v are LAM terms, f is a total unary function on
natural numbers and f(u') = u. Then:
(i) If (u,v) ∈ R_βE then there exists a term v' such that f(v') = v and (u',v') ∈ R_βE.
(ii) If u →_βE v then there exists a term v' such that f(v') = v and u' →_βE v'.
(iii) If u →*_βE v then there exists a term v' such that f(v') = v and u' →*_βE v'.
Proof: Again, by a similar argument it suffices to prove (i). We show (i) by cases.

If (u,v) ∈ R_E then v = * and u is of the form c u_0, where c ∈ ACon ∪ {*}. Then u'
must be of the form c' u_0', where f(u_0') = u_0 and c' is either c or some new constant c_i.
Let v' = *. Since c_i ∈ ACon, in either case we have (u',v') ∈ R_E, and f(v') = v.

If (u,v) ∈ R_β, then u = (λz.u_0)v_0, and v = [v_0/z]u_0. Then u' must be of the form
(λz.u_0')v_0', where f(u_0') = u_0 and f(v_0') = v_0. Let v' = [v_0'/z]u_0'. Then (u',v') ∈ R_β
and f(v') = v. ∎


Theorem 6.11: The functions ω∘π_i^n, k_m∘π_i^n, and a_m∘π_i^n, for all natural numbers m,
n, and i with 1 ≤ i ≤ n, are the only functions representable by LAM_0 terms.
Proof: Suppose an n-ary function g is represented by a LAM_0 term G.

Case 1: g(0,...,0) is undefined. Then G0···0 does not reduce to a numeral. Suppose
g(i_1,...,i_n) = m for some (i_1,...,i_n). Then G i_1···i_n reduces to m. Then by Lemma
6.8 there is a term w such that
G i_1···i_n →*_βE w and
w →*_T m.

But since the only T-reduction is of the form Succ n = n+1, the term w must be
of the form Succ^(p) i for some natural numbers p and i, such that p+i = m. Define
functions f_1 and f_2 on natural numbers by f_1(z) = z, f_2(z) = 0. Consider now the
term G' = G c_{i_1}···c_{i_n}. Then f_1(G') = G i_1···i_n. By Lemma 6.10 there is a term w'
such that G' →*_βE w' and f_1(w') = Succ^(p) i. Then w' is either Succ^(p) i or Succ^(p) c_i. By
Lemma 6.9, f_2(G') →*_βE f_2(w'). But f_2(G') = G0···0, and f_2(w') is either Succ^(p) i or
Succ^(p) 0, contradicting the fact that G0···0 does not reduce to a numeral. Hence g is
undefined at all arguments, so is equal to ω∘π_i^n for any i.


Case 2: g(0,...,0) = m. Then G0···0 reduces to m. As before, this means that there
is a term w such that
G0···0 →*_βE w and
w →*_T m,
which means that w is Succ^(p) i. Let G' = G c_1···c_n. Then f_2(G') = G0···0. By
Lemma 6.10, there is a term w' such that f_2(w') = w and G c_1···c_n →*_βE w'. But w' is
then either Succ^(p) i or if i = 0, w' can be Succ^(p) c_j, for some j, where 1 ≤ j ≤ n.

Now consider g(i_1,...,i_n). Let f_3 be defined by f_3(z) = i_z, for z = 1,...,n,
otherwise anything at all. Then f_3(G') = G i_1···i_n. Then by Lemma 6.9, we must
have G i_1···i_n →*_βE f_3(w').

If w' = Succ^(p) i, then f_3(w') = Succ^(p) i, so g(i_1,...,i_n) = m. Hence we have shown
that g is the function k_m∘π_i^n for any i.

Otherwise w' = Succ^(p) c_j. But then f_3(w') = Succ^(p) i_j. Hence g(i_1,...,i_n) = i_j + p,
so g is the function a_p∘π_j^n. ∎


7. Conclusion 


The result of all of the above is that we have achieved a harmonious match
between a proof system for equality, a denotational semantics and an evaluator. The
completeness theorem tells us that a match exists between syntax and semantics: our
proof system proves exactly those equations which are valid in all models. Also, the
axioms match the evaluator: the proof system proves equations u = v, where v is a
numeral iff the evaluator can drive u to v, also, a *-free term u is provably equal to
*, iff the evaluator encounters a run-time type error during the evaluation of u. Thus,
the intuition of * as a notation for run-time type errors is justified.


One would like, at this point, to begin to make extensions to the language, while
trying to keep this match intact. There are several ways to extend. Of course, the
Normalization Claim needs to be proved, and beyond that, there is the question of how
to lift the restrictions on T (i.e. the simpleness restrictions) in such a way that leads
to a Church-Rosser reduction system, and an evaluator which behaves properly with
respect to *. For instance we might want to allow equations of the form c_1 c_2 ... c_n = c
into T, to better model functions that take more than one argument.


Another extension is to examine systems where the atomic elements have some
structure. For example, in LISP, lists of atoms, such as (3 4 5) are terms which should
behave like numerals with respect to application. Another structure construct that
would be useful is Cartesian product. However, it is a result of Klop [BAR80] that the
usual axioms for surjective pairing:

left pair zy = z
right pair zy = y
pair (left z)(right z) = z

are not Church-Rosser, when combined with (β). It is not completely clear however,
whether or not it is possible to devise a Church-Rosser reduction system whose theory
of equality is the same as that of (β) plus the surjective pairing axioms.


Another direction is to look at systems that have some machinery to tell atoms
from non-atoms. The cond construct almost does the trick, but not quite. Let u =
λz.cond zzyy; if we apply u to a numeral we will get back y, while if we apply u to
a λ-abstraction we will get *. If we apply it to something that is neither a numeral nor
a λ-abstraction, the result will depend on how strong the T-axioms are, i.e. how few
applications are normal forms. Still, if we apply it to something whose evaluation
doesn't terminate then we get no information.


Another construct that we might consider is

case u v_1 v_2.

This construct comes up when we are considering models that are disjoint sums, i.e. if
we are given a domain A of atoms, we seek a domain D such that D = A + (D → D).
The intended meaning of case u v_1 v_2 is

v_1(a), if u = inl(a), for some a ∈ A,

v_2(f), if u = inr(f), for some f ∈ (D → D),

where inl and inr are the injections into D from A and (D → D), respectively.
However, we may also run into Church-Rosser difficulties here, since the desired axioms
for case:
case(inl z) fg = fz
case(inr z) fg = gz
case z(h∘inl)(h∘inr) = hz

are very similar to those for surjective pairing, in fact, they are the category theoretic
dual.


If in fact the surjective pairing axioms, and the case axioms cannot be captured
by a Church-Rosser reduction system in the untyped λ-calculus, work needs to be done
on how these axioms can be weakened to yield Church-Rosser systems that still capture
the "intuition" of pairing and case.